moonpiedumplings

@moonpiedumplings@programming.dev
7 Post – 172 Comments
Joined 11 months ago

I just use termux + the simple http server built into python

where does diagonal fall?


The issue people have with snaps isn't the containerization or the bundles, but the proprietary backend. There is no way to point the snaps at a different store other than the one Canonical controls. Canonical's forcing snaps on people pisses a lot of people off because it's a blatant power grab, an attempt to get people dependent on something they have control over in a Microsoft-esque move. Flatpaks and docker don't have that issue.

https://forgejo.org/compare-to-gitea/

I dunno, some of these are a pretty big deal, in particular:

Gitea repeatedly makes choices that leave Gitea admins exposed to known vulnerabilities during extended periods of time. For instance Gitea spent resources to undergo a SOC2 security audit for its SaaS offering while critical vulnerabilities demanded a new release. Advance notice of security releases is for customers only.

Gitea is developed on github, whereas forgejo is developed on and by codeberg, who use it as their main forge (also mentioned on that page). Someone dogfooding gives me more confidence in the software.

What? Github is not open source.

And plenty of people have issues with Github: https://sfconservancy.org/GiveUpGitHub/

their entire hosting site is, itself, proprietary and/or trade-secret software


https://nixlang.wiki/en/tricks/distrobox

https://distrobox.it/

Not the nix way, but when you really need something to work, you can create containers of other distros.

Discord is adding ads soon. Currently, they don't enforce the TOS violation of custom clients, but maybe after they add ads, they will begin to do so. I would be very careful with any of this.

The screen uses the most power out of any other piece of the system, for daily use (on laptops which supported driversets for the OS)

Just turn the brightness down, and that will save you more battery life than tinkering with anything, unless you know a specific piece of the system (nvidia gpu) is killing your battery life.

I'm in the max server limit, 100 right now, and many of those are people who treat discord as github, which is so annoying (but many projects are of questionable legality, like Dan's palace which makes and distributes completed android and vita ports of other games for free).

One time I got excited since there was announcement for the half life 2 android source port discord. I thought it was a big update or maybe a new game, but what I saw was something like:

the memes channel is for memes, not child porn

It's just discord that has these issues. Matrix or IRC don't have these problems. Discord just creates a kind of culture that fosters this stuff.


The benefit of docker is portability. You can run software anywhere. Rather than going through all this pain of installing and managing systemd services, you can just run a docker container, often in only one command. Docker also handles things like setting environment variables, which are sometimes used by apps as an alternative to, or even replacement for, settings files, like in the lemmy docker example: https://github.com/LemmyNet/lemmy/blob/main/docker/docker-compose.yml

Docker succeeds where java failed, but in a language agnostic way.

And I disagree with the author's point about disliking docker-only apps, for two main reasons. One, it isn't the developers responsibility to package things for every system, and two, docker containers are mostly self documenting, being very close to simply a shell script. I almost always look at dockerfiles, and I have only seen one or two that are not simple to extract to make them run outside docker.

For example, the lemmy docker image: https://github.com/LemmyNet/lemmy/blob/main/docker/Dockerfile

The author acts like it's some advanced witchcraft or something, but it's just using rust to compile stuff on a Debian-based system. Every command used to build lemmy is right there. Then, you can look at the environment variables set in the docker compose, and set them in a systemd service or something.

How do I tag people on lemmy?

u/tony

Incorrect, from wikipedia:

The available research indicates that the brain structure of androphilic trans women with early-onset gender dysphoria is closer to that of cisgender women than that of cisgender men.[3] It also reports that gynephilic trans women differ from both cisgender female and male controls in non-dimorphic brain areas

Aka: Trans women may have been born with the body of a man, but they were born with the brain of a woman.

https://en.m.wikipedia.org/wiki/Causes_of_gender_incongruence#:~:text=The%20available%20research%20indicates%20that,in%20non%2Ddimorphic%20brain%20areas.


Once federation gets added to one of the FOSS, self hosted alternatives, I'll probably switch. I'll mirror stuff to github probably, for resume/recruiter purposes, but the CI/CD, website deployment, and main development will happen on whatever alternative I chose.

I use https://github.com/Ylianst/MeshCentral

For this usecase. This also lets me do things like run admin cmd commands. It should be noted, however, that the Windows UAC prompt won't show up in a VNC session by default, you either need to configure UAC, or set up RDP.


you'd really have to verify isolation.

What if they live streamed the entire process, like on twitch?

I am building a homelab for during college (4 years) and I don't really feel like doing a release upgrade (ie: debian 11 to 12) in the middle of schooling or over a break when I wanna relax and just chill. Debian offers 2 years of support official, and like 4 extended (unluckily, the times didn't align so if I picked debian I would have to upgrade during college), and Rocky/alma offer 4 years official and like 8 extended.

I might be wrong (on phone rn), I recommend checking https://endoflife.date

Big difference, big enough that this factor is the singular reason companies go with them. Not having to do release upgrades as frequently means less maintenance, means less costly.


It's cause you're not actually supposed to use nix-env: https://stop-using-nix-env.privatevoid.net/

You're actually supposed to be using nix search nixpkgs#packagename to search and nix profile install nixpkgs#packagename to install.

However, to use both of those, you need to have the "experimental" (not really though, most of the community uses them) features of nix-command and nix flakes enabled, which they aren't by default.

And of course, nowhere on the main documentation did I find any of that, I only found it via the pain of using it wrong, and forum posts.

Nix's documentation is horrific. I've had situations where I only got help via discord...

Zotero is a citation manager, with a firefox extension to save an article (but really, a tab) with one click.

It also has fulltext search. You can search snapshots of everything you save.

"But I can't save all my tabs at once"

(There are some solutions, but nothing official)

Save as you go. Computers simply don't have enough ram for 2000 tabs.

Anyway, it also seems to be able to run javascript plugins, and I saw you have some experience with that.

It also has support for folders, so you can organize it a bit better than tabs work for that.

Well damn, I guess fraud must be a lot more widespread than I thought. Because no one seems to get punished for this behavior. Just recently, Lockpick, a tool for getting Nintendo Switch roms off a physical device, was dmca'd, and the person who filed the complaint admitted to doing so on twitter. They received no punishment.

I think it's likely that this is a similar case.


git clone --depth 1 will clone a git repo without older stuff. Without this, the nixpkgs git repo is like 13-14 GB, but with a depth of 1, it's only 200 mb.

AWS is software. Just not something you can self host.

There already exist alternatives to AWS, like localstack, a local AWS for testing purposes, or the more mature openstack, which is designed for essentially running your own AWS at scale.


After Twitter went to shit, where else do customers have to go for customer support like this?

Admittedly, I didn't read the article, but I have seen plenty of other cases with Cloudflare or other big providers where people have only been able to set things right by kicking up a fuss on social media, like that recent one with amazon aws.

If you need public access:

https://github.com/anderspitman/awesome-tunneling

From this list, I use rathole. One rathole container runs on my vps, and another runs on my home server, and it exposes my reverse proxy (caddy), to the public.

It's bad to brush your teeth after eating.

“The reason for that is that when acids are in the mouth, they weaken the enamel of the tooth, which is the outer layer of the tooth,” Rolle says. Brushing immediately after consuming something acidic can damage the enamel layer of the tooth.

Source: https://www.cuimc.columbia.edu/news/brushing-immediately-after-meals-you-may-want-wait

Yeah, I read that manual but it didn't answer my question.

The big problem is that the arch wiki describes a setup with nested subvolumes first (in a subvolume below @ or whatever your root subvolume is), but then suggests in a tip to use a subvolume directly below the top level subvolume. The limitations mentioned in that manual don't seem to apply to either setup, as they would prevent swap from working, which is not the case. I have tested both setups and they work fine — or so it seems. I'm worried there is some hidden gotcha I'm missing.

In addition to that, some of those limitations simply don't apply to my setup, as I only have a single device.

https://www.fieggen.com/shoelace/ianknot.htm

Also relevant: https://www.fieggen.com/shoelace/grannyknot.htm

I used to triple knot my shoes and they would still come untied. Then I switched to the ian knot, and my shoes haven't come untied by themselves in forever.

Edge WebView2

I'm like 90% sure this requires edge to be installed, even though the EU mandated that they make edge uninstallable. So that might be their game here.


rclone, but I don't know if there is a desktop application for it that does everything (is that what you meant by interface?)

There is https://github.com/kapitainsky/RcloneBrowser, but it seems to be unmaintained, so I don't know if it supports rclone's "crypt" feature.

However, there is a web gui: https://rclone.org/gui/


Gpu passthrough, if you can do that will always be most performant.

If you want the qemu/kvm equivalent of what vmware workstation does, then look into virtualgl, which is very good (a wine port on android uses this to get good performance without direct access to host hardware), but it still may not be everything you want.

It's like people only watched the opening scene and the one in which he murders Allen.

And the business card scene. But yeah, I think a large portion of people didn't watch the actual movie, and only saw those three clips on youtube (including me).

These requirements are really specific. White parts of black pictures in particular, I can't think of anything that implements that.

Anyway, these probably don't have everything you want, but I use Librera:

website: https://librera.mobi/

Github: https://github.com/foobnix/LibreraReader

No material you theme, but I know it has font selection, and dictionary/translation integration.

The website claims it supports custom themings, and CSS. I can find the options in my app, but I haven't touched them.

It also supports custom fonts, including user added ones.

It supports sync between librera instances (Google Drive has first class support), but not with Foliate.

It defaults to "book mode" which is page

I guess someone is super happy they saved a few hundreds kilobytes of disk space though.

Yes. All the people basing docker images off of debian, and trying to get them as small as possible. The splitting up of packages allows people to only pull in what they need.


Putting something on GitHub is really inconsequential if you’re making your project open source since anyone can use it for anything anyway,

Except for people in China (blocked in China) or people on ipv6 only networks, since Github hasn't bothered to support ipv6, cutting out those in countries where ipv4 addresses are scarce.

So yes, it does matter. Both gitlab and codeberg, the two big alternatives, both support ipv6 (idk about them being blocked in china). They also support github logins, so you don't even need to make an account.

And it's not a black or white. Software freedom is a spectrum, not a binary. We should strive to use more open source, decentralized software, while recognizing that many parts are going to be out of our immediate control, like the backbone of the internet or little pieces like proprietary firmware.


Probably not an issue, but you should check. If the port opened is something like 127.0.0.1:portnumber, then it's only bound to localhost, and only that local machine can access it. If no address is specified, then anyone with access to the server can access that service.

An easy way to see containers running is: docker ps, where you can look at forwarded ports.

Alternatively, you can use the nmap tool to scan your own server for exposed ports. nmap -A serverip does the slowest, but most in-depth scan.

I can spiral my tongue, so that the front part is fully upside down - but only to the left. I can't rotate it to the right at all for some reason, it's like the equivalent muscles are missing.

Docker's manipulation of nftables is pretty well defined in their documentation

Documentation people don't read. People expect that, like most other services, docker binds to ports/addresses behind the firewall. Literally no other container runtime/engine does this, including, notably, podman.

As to the usage of the docker socket that is widely advised against unless you really know what you’re doing.

Too bad people don't read that advice. They just deploy the webtop docker compose, without understanding what any of it is. I like (hate?) linuxserver's webtop, because it's an example of the two of the worst footguns in docker in one

To include the rest of my comment that I linked to:

Do any of those poor saps on zoomeye expect that I can pwn them by literally opening a webpage?

No. They expect their firewall to protect them by not allowing remote traffic to those ports. You can argue semantics all you want, but not informing people of this gives them another footgun to shoot themselves with. Hence, docker “bypasses” the firewall.

On the other hand, podman respects your firewall rules. Yes, you have to edit the rules yourself. But that’s better than a footgun. The literal point of a firewall is to ensure that any services you accidentally have running aren’t exposed to the internet, and docker throws that out the window.

You originally stated:

I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.

And I'm trying to say that even if that was true, it would still be better than a footgun where people expose stuff that's not supposed to be exposed.

But that isn't the case for podman. A quick look through the github issues for podman, and I don't see it inundated with newbies asking "how to expose services?" because they assume the firewall port needs to be opened, probably. Instead, there are bug reports in the opposite direction, like this one, where services are being exposed despite the firewall being up.

(I don't have anything against you, I just really hate the way docker does things.)

Yes it is a security risk, but if you don’t have all ports forwarded, someone would still have to breach your internal network IIRC, so you would have many many more problems than docker.

I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.

My problem with this, is that when running a public facing server, this ends up with people exposing containers that really, really shouldn't be exposed.

Excerpt from another comment of mine:

It’s only docker where you have to deal with something like this:

---
services:
  webtop:
    image: lscr.io/linuxserver/webtop:latest
    container_name: webtop
    security_opt:
      - seccomp:unconfined #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SUBFOLDER=/ #optional
      - TITLE=Webtop #optional
    volumes:
      - /path/to/data:/config
      - /var/run/docker.sock:/var/run/docker.sock #optional
    ports:
      - 3000:3000
      - 3001:3001
    restart: unless-stopped

Originally from here, edited for brevity.

Resulting in exposed services. Feel free to look at shodan or zoomeye, internet connected search engines, for exposed versions of this service. This service is highly dangerous to expose, as it gives people an in to your system via the docker socket.
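An added example, not part of the original comments: a small Python check for the two points made above, ports published without a loopback host address and the footguns in the quoted compose file (mounted docker socket, seccomp:unconfined). The sample text is constructed from the quoted file with one loopback mapping added for contrast; the function names and finding labels are made up for this example, and the scanner only understands short-syntax list items.

```python
import ipaddress
import re

# Constructed sample: lines from the compose file quoted above, plus one
# loopback-bound mapping (127.0.0.1:3001:3001) added for contrast.
SAMPLE_COMPOSE = """\
services:
  webtop:
    security_opt:
      - seccomp:unconfined #optional
    volumes:
      - /path/to/data:/config
      - /var/run/docker.sock:/var/run/docker.sock #optional
    ports:
      - 3000:3000
      - 127.0.0.1:3001:3001
"""

def host_ip(mapping):
    """Return the host IP of a short-syntax port mapping, or None if absent."""
    spec = mapping.split("/")[0]              # drop a trailing /tcp or /udp
    if spec.startswith("["):                  # bracketed IPv6: [::1]:8080:80
        return spec[1:spec.index("]")]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else None

def is_loopback(ip):
    """True only for a literal loopback address; anything unparsable is not."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False

def audit_compose(text):
    """Scan compose text line by line; return (kind, item) findings in file order."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.split(" #")[0].strip()     # strip trailing comments
        if not line.startswith("- "):         # a key line starts or ends a list
            m = re.fullmatch(r"([\w-]+):", line)
            section = m.group(1) if m else None
            continue
        item = line[2:].strip().strip("'\"")
        if section == "ports":
            ip = host_ip(item)                # no host IP means all interfaces
            if ip is None or not is_loopback(ip):
                findings.append(("published-on-non-loopback", item))
        elif section == "volumes" and item.split(":")[0].endswith("docker.sock"):
            findings.append(("docker-socket-mounted", item))
        elif section == "security_opt" and re.fullmatch(r"seccomp[:=]\s*unconfined", item):
            findings.append(("seccomp-unconfined", item))
    return findings

if __name__ == "__main__":
    for kind, item in audit_compose(SAMPLE_COMPOSE):
        print(f"{kind}: {item}")
```

A clean result here only covers what the file declares; `docker ps` or a scan of your own server still shows what is actually listening.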


400+ years, Native American Haudenosaunee (improper name Iroquois) tribe:

https://atlantaciviccircle.org/2021/11/17/native-americas-influence-on-american-democracy/

And they let women vote, too.

from the linked readme: https://steamdb.info/tech/Container/Electron/

From this list, I used to love krunker.io, but I never played the steam version because it wasn't native linux.

https://moonpiedumplings.github.io/blog/twitch/

I like to watch people program on twitch. Seeing people suffer with code reminds me that I am not alone.